sendou.ink/app/features/api-public/api-public-utils.server.ts

import { cors } from "remix-utils/cors";

const apiTokens = process.env["PUBLIC_API_TOKENS"]?.split(",") ?? [];
export function requireBearerAuth(req: Request) {
  const authHeader = req.headers.get("Authorization");
  if (!authHeader) {
    throw new Response("Missing Authorization header", { status: 401 });
  }
  const token = authHeader.replace("Bearer ", "");
  if (!apiTokens.includes(token)) {
    throw new Response("Invalid token", { status: 401 });
  }
}

export async function handleOptionsRequest(req: Request) {
  if (req.method === "OPTIONS") {
    throw await cors(req, new Response("OK", { status: 204 }), {
      origin: "*",
      credentials: true,
    });
  }
}